//package net.dreamlu.config;
//
//import javax.sql.DataSource;
//
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.boot.context.properties.EnableConfigurationProperties;
//import org.springframework.cache.CacheManager;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.core.annotation.Order;
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
//import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
//import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
//import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
//
//import net.dreamlu.mica.captcha.servlet.MicaCaptchaServlet;
//import net.dreamlu.secrity.auth.DreamAccessDeniedHandler;
//import net.dreamlu.secrity.auth.DreamAuthHandler;
//import net.dreamlu.secrity.auth.DreamAuthenticationProvider;
//import net.dreamlu.secrity.auth.DreamWebAuthDetailsSource;
//import net.dreamlu.secrity.service.DreamUserDetailsService;
//
//@EnableWebSecurity
//@Configuration
//@EnableConfigurationProperties(DreamSecurityProperties.class)
//public class MultiHttpSecurityConfig {
//
//	@Autowired
//	private DreamUserDetailsService	userDetailsService;
//	@Autowired
//	private MicaCaptchaServlet		dreamCaptcha;
//	@Autowired
//	private DreamSecurityProperties	dreamProperties;
//	@Autowired
//	private CacheManager			cacheManager;
//	@Autowired
//	private DataSource				dataSource;
//
//	@Bean
//	public PasswordEncoder encoder() {
//		return new BCryptPasswordEncoder(4);
//	}
//
//	@Bean
//	public DreamAuthenticationProvider authProvider() {
//		final DreamAuthenticationProvider authProvider = new DreamAuthenticationProvider();
//		authProvider.setUserDetailsService(userDetailsService);
//		authProvider.setDreamCaptcha(dreamCaptcha);
//		authProvider.setDreamProperties(dreamProperties);
//		authProvider.setCacheManager(cacheManager);
//		authProvider.setPasswordEncoder(encoder());
//		return authProvider;
//	}
//
//	/**
//	 * 记住密码处理
//	 */
//	@Bean
//	public PersistentTokenRepository rememberMeTokenRepository() {
//		JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
//		tokenRepository.setDataSource(dataSource);
//		return tokenRepository;
//	}
//
//	@Configuration
//	@Order(1)
//	public static class ForeConfigurationAdapter extends WebSecurityConfigurerAdapter {
//		@Autowired
//		private DreamAuthHandler			authHandler;
//		@Autowired
//		private DreamWebAuthDetailsSource	authDetailsSource;
//		@Autowired
//		private DreamAuthenticationProvider	dreamAuthenticationProvider;
//		@Autowired
//		private DreamUserDetailsService		userDetailsService;
//
//		@Override
//		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//			auth.authenticationProvider(dreamAuthenticationProvider);
//		}
//
//		@Bean
//		@Override
//		public AuthenticationManager authenticationManagerBean() throws Exception {
//			return super.authenticationManagerBean();
//		}
//
//		@Override
//		protected void configure(HttpSecurity http) throws Exception {
//			http.antMatcher("/fore/**")// 多HttpSecurity配置时必须设置这个，除最后一个外，因为不设置的话默认匹配所有，就不会执行到下面的HttpSecurity了
//					.formLogin().loginPage("/fore/login")// 登陆界面页面跳转URL
//					.loginProcessingUrl("fore/session")// 登陆界面发起登陆请求的URL
//					.successHandler(authHandler).failureHandler(authHandler).authenticationDetailsSource(authDetailsSource).permitAll()// 表单登录，permitAll()表示这个不需要验证
//					.and()// Return the SecurityBuilder
//					.logout().logoutUrl("/fore/user/loginOut")// 登出请求地址
//					.logoutSuccessUrl("/").and().authorizeRequests()// 启用基于 HttpServletRequest
//																	// 的访问限制，开始配置哪些URL需要被保护、哪些不需要被保护
//					.antMatchers("/user/**", "/detail/toDetailPage*").permitAll()// 未登陆用户允许的请求
//					.anyRequest().hasAnyRole("USER")// 其他/fore路径下的请求全部需要登陆，获得USER角色
//					.and().headers().frameOptions().disable()// 关闭X-Frame-Options
//					.and().csrf().csrfTokenRepository(new CookieCsrfTokenRepository());
//		}
//	}
//
//	@Configuration
//	@Order(2)
//	public static class AdminSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
//
//		@Autowired
//		private DreamAuthenticationProvider	dreamAuthenticationProvider;
//		@Autowired
//		private DreamAuthHandler			authHandler;
//		@Autowired
//		private DreamWebAuthDetailsSource	authDetailsSource;
//		@Autowired
//		private DreamUserDetailsService		userDetailsService;
//		@Autowired
//		private PersistentTokenRepository	persistentTokenRepository;
//
//		@Override
//		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//			auth.authenticationProvider(dreamAuthenticationProvider);
//		}
//
//		@Override
//		protected void configure(HttpSecurity http) throws Exception {
//			http.antMatcher("/admin/**").formLogin().loginPage("/admin/login")// 登陆界面页面跳转URL
//					.loginProcessingUrl("/admin/session")// 登陆界面发起登陆请求的URL
//					.successHandler(authHandler).failureHandler(authHandler).authenticationDetailsSource(authDetailsSource).permitAll()// 表单登录，permitAll()表示这个不需要验证
//					.and().rememberMe().tokenRepository(persistentTokenRepository).userDetailsService(userDetailsService).tokenValiditySeconds(30 * 24 * 60).and().logout()
//					.logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/").deleteCookies("JSESSIONID", "remember-me").and()// Return the SecurityBuilder
//					.authorizeRequests()// 启用基于 HttpServletRequest 的访问限制，开始配置哪些URL需要被保护、哪些不需要被保护
//					.antMatchers("/admin/**").hasAnyRole("ADMIN")// 其他/fore路径下的请求全部需要登陆，获得USER角色
//					.and().csrf().csrfTokenRepository(new CookieCsrfTokenRepository());
//		}
//	}
//
//	@Configuration
//	@Order(3)
//	public static class OtherSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
//		@Override
//		protected void configure(HttpSecurity http) throws Exception {
//			http.authorizeRequests()// 启用基于 HttpServletRequest 的访问限制，开始配置哪些URL需要被保护、哪些不需要被保护
//					.antMatchers("/", "/code/**", "/css/**", "/img/**", "/js/**").permitAll()// 其他请求放行
//					.and().csrf().csrfTokenRepository(new CookieCsrfTokenRepository());// 未登陆用户允许的请求
//		}
//	}
//}
